0 EUR Go to Cart0 items
Cart is empty
  • Czech Slovak English
    • The EVBIKE store is at a new address 😍, for more information ►
    Have questions? Contact us.
    kontakt

    +420 773 744 102

    amail

    info@evbike.cz

    PRINCIPLES OF PERSONAL DATA PROCESSING AND PROTECTION

    The purpose of these Principles of Personal Data Processing and Protection (hereinafter referred to as the "Principles") is to provide information about what personal data is processed about individuals when our company provides services and sells goods, for what purposes and for how long our company processes this personal data in accordance with applicable law, to whom and for what reason it may be transferred, and also to inform individuals about their rights in relation to the processing of their personal data. The policy is effective from May 25, 2018, and is issued in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as "GDPR").

    1. Personal data controller, contact details for GDPR matters

    The personal data controller is GEVIZO s.r.o., VAT No. CZ07718128, with its registered office at Libušská 620/25, 142 00 Prague 4, registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, File 306224 (hereinafter referred to as the "Controller"). Any questions regarding the processing of personal data can be sent to the Administrator's registered office, to the e-mail address info@evbike.cz or by calling +420 773 744 102.

    2. Scope of processing and categories of personal data that are subject to processing

    Personal data is processed to the extent that the relevant data subject has provided it to the Controller in connection with the conclusion of a contractual or other legal relationship with the Controller, or which the Controller has collected in another manner and processes in accordance with applicable legal regulations or to fulfill the Controller's legal obligations. The Controller processes the following categories of personal data:
    a)  first and last name, or academic title,
    b) business name,
    c)  company ID number, VAT number,
    d) permanent address,
    e)  registered office or place of business,
    f) delivery address,
    g) contact email address,
    h)  contact telephone number,
    i) job position and/or function in the company,
    j)  bank details,
    k) records of behavior on websites administered by the Controller obtained from cookies if cookies are enabled in the web browser.

    The personal data of the data subject is processed only to the extent necessary to achieve the individual purposes of processing.

    3. Purpose of personal data processing

    Processing for the purpose of fulfilling a contract, fulfilling legal obligations, and for the legitimate interests of the Controller The provision of personal data necessary for the fulfillment of a contract, the fulfillment of the Controller's legal obligations, and the protection of the Controller's legitimate interests is mandatory. Without the provision of personal data for these purposes, it would not be possible to provide services. The Controller does not need the consent of the data subject to process personal data for these purposes.

    The basic sub-purposes for the processing of personal data are, in particular:

    a) processes related to the identification and possible contacting of the customer (performance of a contract),

    b) provision of services and delivery of ordered goods (performance of a contract),

    c) billing for services, issuing tax documents (performance of a contract),

    d) fulfilling legal tax obligations (fulfillment of legal obligations),

    e) debt collection from customers and other customer disputes (legitimate interest),

    f) debtor records (legitimate interest).

    Personal data for these activities is processed to the extent necessary to fulfill these activities and for the time necessary to achieve them or for the time directly specified by law. Personal data is then deleted or anonymized. The basic time limits for the processing of personal data are available below in Article 5 of the Principles. Processing based on legitimate interest is carried out only if the legitimate interests of the Controller do not override the rights and freedoms of the data subject.

    Processing of customer data with their consent for marketing and business purposes

    With the consent of the data subject, the Controller processes personal data for marketing and business purposes in order to create a suitable offer of the Controller's products and services and in connection with contacting the customer, exclusively in the form of electronic communication via the contact email address. Consent to marketing and business purposes is voluntary and may be revoked by the data subject at any time. This consent remains valid for 10 years from the date of its granting or for the duration of the use of the Controller's services and for the following 10 years thereafter or until the data subject revokes it. For marketing and commercial purposes, all categories of data listed in Article 2 of this Policy may be processed on the basis of consent. If the data subject revokes their consent, this does not affect the processing of their personal data by the Controller for other purposes and on the basis of other legal titles, in accordance with this Policy.

    By filling out the contact form, visitors to the Seller's website:

    • a) consent to the use of their personal data for the purpose of sending the Seller's commercial communications electronically and, at the same time,
    • b) declares that they do not consider the sending of information under point a) to be unsolicited advertising within the meaning of Act No. 40/1995 Coll., as amended, as the user expressly agrees to the sending of information under point a) in conjunction with Section 7 of Act No. 480/2004 Coll.
    • c) the user may revoke their consent under this paragraph at any time in writing by email to info@evbike.cz

    Processing of cookies from websites operated by the Administrator

    If the data subject has cookies enabled in their web browser, the Administrator processes records of their behavior from cookies placed on websites operated by the Administrator to the extent permitted by the user of these websites through their web browser settings or through the Administrator's web tool for managing cookies located on websites operated by the Administrator.

    4. Method of processing and protecting personal data

    Personal data is processed by the Controller. Processing is carried out at its premises and headquarters by individual authorized employees of the Controller or by a processor. Processing is carried out using computer technology or manually in the case of personal data in paper form, in compliance with all security principles for the management and processing of personal data. To this end, the Controller has taken technical and organizational measures to ensure the protection of personal data, in particular measures to prevent unauthorized or accidental access to personal data, its alteration, destruction or loss, unauthorized transfers, unauthorized processing, and other misuse of personal data. All entities to whom personal data may be disclosed respect the data subjects' right to privacy and are required to comply with applicable laws regarding the protection of personal data. When processing personal data, the Controller does not engage in automated decision-making within the meaning of Article 22 of the GDPR.

    5. Period of personal data processing

    Personal data is processed for the period necessary for the purposes for which the data is processed, in accordance with the deadlines specified in the relevant contracts, in the Controller's filing and disposal rules, or in the relevant legal regulations. The period for which personal data will be stored is determined as follows:

    a)  In the case of service customers, the Controller is entitled, provided that they have fulfilled all their obligations towards the Controller, to process their basic personal, identification, and contact details, data on services, and data from their communication with the Controller in the customer database for a period of 4 years from the date of termination of the last contract with the Controller.
    b)  In the case of the purchase of goods from the Controller, the Controller is entitled to process the customer's basic personal, identification, and contact data, data on the goods, and data from communication between the customer and the Controller for a period of 4 years from the date of expiry of the warranty period for the goods.
    c) In the event of negotiations between the Administrator and a potential customer regarding the conclusion of a contract that did not result in the conclusion of a contract, the Administrator is entitled to process the personal data provided for a period of 6 months from the end of the pre-contractual negotiations.
    d) Tax documents issued by the Controller are archived in accordance with Section 35 of Act No. 235/2004 Coll., on Value Added Tax, for a period of 10 years from the end of the tax period in which the performance took place. Due to the need to document the legal reason for issuing invoices, customer contracts are also archived for a period of 10 years from the date of termination of the contract.

    6. Categories of recipients of personal data

    In fulfilling its contractual obligations and duties, the Administrator uses the professional and specialized services of other entities. If these suppliers process personal data provided by the Administrator, they have the status of personal data processors and process personal data only within the scope of the Administrator's instructions and may not use it otherwise. These include, in particular, freight carriers, payment gateway providers, experts, lawyers, auditors, IT system administrators, internet advertising providers, and sales representatives. The Controller carefully selects each such entity and concludes a personal data processing agreement with each of them, in which the processor has strict obligations to protect and secure personal data.

    7. Rights of data subjects

    In accordance with the GDPR, the data subject has the rights listed below. If these rights relate to the Controller, the data subject is entitled to exercise them at the contact addresses listed in Article 1 of these Principles.

    Right of access to personal data

    According to Article 15 of the GDPR, the data subject has the right to access personal data, which includes the right to obtain confirmation from the Controller as to whether or not personal data concerning him or her are being processed, and if so, the right to access such personal data and information about:

    a) the purposes of the processing,

    b) the categories of personal data concerned,

    c) the recipients to whom the personal data have been or will be disclosed,

    d) the envisaged period for which the personal data will be stored,

    e) the existence of the right to request from the Controller the rectification or erasure of personal data concerning the data subject or the restriction of processing or to object to such processing,

    f) the right to lodge a complaint with a supervisory authority,

    g) any available information on the source of the personal data, if not obtained from the data subject,

    h) the fact that automated decision-making, including profiling, is taking place,

    i) appropriate safeguards when transferring data outside the EU,

    Provided that the rights and freedoms of other persons are not adversely affected, the data subject also has the right to request a copy of the personal data processed. In the event of a repeated request, the Controller is entitled to charge a reasonable fee for the copy of the personal data.

    Right to rectification

    According to Article 16 of the GDPR, the data subject has the right to rectify inaccurate or incomplete personal data processed by the Controller. The data subject is obliged to report changes to their personal data and to provide evidence that such a change has occurred. At the same time, they are obliged to cooperate with the Controller if it is found that the personal data processed about them is inaccurate.

    Right to erasure

    According to Article 17 of the GDPR, the data subject has the right to erasure of personal data concerning them if the Controller does not demonstrate legitimate grounds for the processing of such personal data.

    Right to restriction of processing

    Pursuant to Article 18 of the GDPR, the data subject has the right to restriction of processing until the complaint is resolved if he or she disputes the accuracy of the personal data, the reasons for its processing, or if he or she objects to its processing. If processing has been restricted, the personal data in question may, with the exception of storage, only be processed with the consent of the data subject, or for the establishment, exercise, or defense of legal claims, for the protection of the rights of another natural or legal person, or for reasons of important public interest of the EU or of a Member State.

    The Controller's obligation to notify regarding the rectification or erasure of personal data or the restriction of processing

    In the event of rectification, erasure, or restriction of processing of personal data, the Controller is obliged under Article 19 of the GDPR to inform the individual recipients of the personal data of this fact, except where this proves impossible or requires disproportionate effort. Upon request by the data subject, the Controller shall provide the data subject with information about these recipients.

    Right to data portability

    Pursuant to Article 20 of the GDPR, the data subject has the right to receive the personal data concerning him or her, which he or she has provided to the Controller, in a structured, commonly used and machine-readable format, and the right to request the Controller to transfer this data to another controller, if the processing of personal data was based on the conclusion and performance of a contract or on the consent of the data subject and the processing is carried out by automated means. If the exercise of this right could adversely affect the rights and freedoms of third parties, such requests cannot be granted.

    Right to object to the processing of personal data

    Under Article 21 of the GDPR, the data subject has the right to object to the processing of their personal data on the grounds of the legitimate interests of the Controller. If the Controller fails to demonstrate that there are compelling legitimate grounds for the processing which override the interests or rights and freedoms of the data subject, the Controller shall immediately terminate the processing on the basis of the objection.

    Right to withdraw consent to the processing of personal data

    Consent to the processing of personal data for marketing and business purposes may be withdrawn at any time. Withdrawal must be made by an explicit, comprehensible, and specific expression of will. The processing of data from cookies can be prevented by adjusting your web browser settings.

    Right to be informed of a personal data breach

    Under Article 34 of the GDPR, the data subject has the right to be informed by the Controller without undue delay of a breach of personal data received by the Controller, if the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons.

    Right to contact the Office for Personal Data Protection

    The data subject has the right to contact the Office for Personal Data Protection (www.uoou.cz) if they discover or believe that the Controller or processor is processing their personal data in violation of the protection of the data subject's private and personal life or in violation of the relevant legal regulations.